Source: Veracode.com

Sep 16, 2016

As an application owner, you have the task of staying abreast of the security issues in critical applications soon to hit production. You need a workflow that allows you to quickly confirm that vulnerabilities identified in a full dynamic scan have been addressed by development. You also have to produce a report to the business listing the vulnerabilities that have been addressed and those th...

Source: Veracode.com

Sep 16, 2016

One of the biggest security threats is that enterprise mobile app testing is overwhelmingly focused on functionality and not security. Pen testing of apps to see what data they—or some third-party app they are integrated with—are actually retaining is hardly ever done prior to deployment, if then. Why?
It's simply not in the mindset of line-of-business managers. They want/need the apps to perform...

Source: Veracode.com

Sep 16, 2016

Cyberwar – the term conjures images of futuristic warriors battling for control of Earth à la The Terminator or The Matrix. But the truth is cyberwar is just as much a part of our national history as it is a potential future crisis. And as the old adage goes, “what has happened before will happen again”. The main difference between the cyberwar of the past and the one of today, or the future ...

Source: Veracode.com

Sep 16, 2016

Not only is e-commerce being radically changed due to the mobilization of shoppers, but it's disproportionately happening with younger consumers. At the same time, law enforcement and government regulatory attention is being focused on age violations. And yet, the vast majority of companies have age-verification systems that provide almost no legal protections.
Consider Facebook's recent age veri...

Source: Veracode.com

Sep 16, 2016

As we outlined in the previous blog post, DevOps is in danger of not being properly secured unless it adopts technologies specifically designed for that purpose.
Traditional application security technologies were not designed to work in a DevOps environment. Even from the DevOps name, it is obvious that DevOps-enabling tools should be designed for Development and Operations specialists. And for s...

Source: Ars Technica Security RSS

Sep 16, 2016

Late last week, Apple released iOS 9.3.5 to patch three zero-day bugs that could be used to access personal data on an infected phone. Dubbed "Trident," the bugs were used to create spyware called Pegasus that was used to target at least one political dissident in the United Arab Emirates.
Today, Apple has released updates for Safari 9 and OS X El Capitan and Yosemit...

Source: Ars Technica Security RSS

Sep 16, 2016

If you haven't changed your password for Last.fm since 2012, it's long past time—the passwords are now easily grabbed from the Internet.
The contents of a March 2012 breach of the music tracking website Last.fm have surfaced on the Internet, joining a collection of other recently leaked "mega-breaches" from Tumblr, LinkedIn, and MySpace. The Last.fm breach differs from the Tumblr ...

Source: Ars Technica Security RSS

Sep 16, 2016

The latest version of OpenOffice.
OpenOffice, once the premier open source alternative to Microsoft Office, could be shut down because there aren't enough developers to update the office suite. Project leaders are particularly worried about their ability to fix security problems.
An e-mail thread titled, "What would OpenOffice retirement involve?" was started yesterday by Dennis Hamilton, v...